Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • SUBMIT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • SUBMIT
Crypto Flexs
Home»HACKING NEWS»Wormhole Worldcoin World ID State Root Bridge
HACKING NEWS

Wormhole Worldcoin World ID State Root Bridge

By Crypto FlexsNovember 26, 20243 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Wormhole Worldcoin World ID State Root Bridge
Share
Facebook Twitter LinkedIn Pinterest Email

The Wormhole Worldcoin World ID State Root Bridge protocol makes it possible to bridge the Worldcoin World ID state root from Ethereum to Solana. Worldcoin World ID utilizes: semaphoreThere is a single set containing the public key (or identity promise) for each verified user. Promises for this set are replicated to another blockchain, in this case Solana, where the new Merkle root is stored, allowing verified users to prove their identity.

Wormhole partnered with Ackee Blockchain Security to conduct a security review of the Wormhole Worldcoin World ID State Root Bridge protocol over a total of 11 engineering days from September 6 to September 27, 2024.

methodology

The audit began with understanding the high-level goals of the project, followed by a deeper analysis of the logic of the program. In the early stages we implemented fuzz testing, which was particularly helpful for two reasons. The goal was to increase understanding of the core concepts of the project and to start fuzzing as soon as possible to increase the likelihood of bug identification. For fuzzing we use trident. reference pull request With complete fuzz test code.

In the later stages of the audit, we focused on a manual review of the project, paying special attention to:

  • Ensure that preemption is not possible during the initialization process (e.g. configuration initialization).
  • Ensures that all configuration-related commands can only be executed by the relevant permissions.
  • Ensures correct deserialization and serialization of command input.
  • It ensures that reinitialization or denial of service is impossible while Guardian signatures are published to the Solana blockchain.
  • Ensures that there is no possibility of spoofing Guardian Signatures and Guardian Set accounts when publishing new state roots on the Ethereum blockchain.
  • It ensures that all published guardian signatures are verified sequentially and that signatures are not posted multiple times to artificially achieve quorum.
  • Ensure that personal identity verification processes are implemented correctly and that there are no sensitive data leaks.

range

An audit has been performed on the commit. 70f034 and a6f479 The respective ranges are as follows:

Findings

The audit results are as follows:

critical severity

No critical severity issues were found.

Severity High

H1: The latest available root may be inactive and potentially undesirably removed.

medium severity

M1: Arithmetic overflow may occur during route is_active check
M2: Missing mut forcing

low severity

No low-severity issues were found.

warning severity

W1: Reinitializable

Information Severity

I1: Signature malleability due to accommodating high and low order S values

conclusion

The review resulted in five findings ranging from information to high severity. The most severe result, H1, indicates a possible denial of service during identity verification. In Ethereum, if there is a relatively large gap (compared to root_expiry) between newly submitted root hashes, two undesirable scenarios can occur:

Ackee Blockchain Security recommends Wormhole.

  • Always ensure that there is at least one active root available for verification and avoid the possibility of all roots being removed.
  • Ensure that off-chain components function properly and adhere to best security practices.
  • Ensure that Guardian Set accounts stored on chain are well protected and that there is no possibility for an attacker to tamper with these accounts.
  • Do not use unchecked arithmetic. Although the likelihood of exploiting unchecked arithmetic in an unintended way may be low, the potential problem still exists and can have catastrophic consequences.

Ackee Blockchain Security’s full Wormhole audit report, which includes a detailed description of all findings and recommendations, can be found here.

We were delighted to appreciate Wormhole and look forward to working with them again.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Guardian Rewards – Vault12

July 2, 2026

REAL launches confidentiality layer to expand institutional RWA adoption.

June 30, 2026

Crypto Inheritance: A Guide for Lawyers

June 26, 2026
Add A Comment

Comments are closed.

Recent Posts

Guardian Rewards – Vault12

July 2, 2026

Seamless Spending With Up To 120 USDT In Rewards

July 2, 2026

Banks Move on Euro Stablecoins

July 2, 2026

ORBS) Reports Total Holdings Of Approximately $386 Million, Includes OpenAI, Beast Industries, More Than 16,000 ETH And Over 283 Million WLD Tokens

July 2, 2026

JPMorgan Chase CEO opposes the Clarity Act and said banks will fight the bill in upcoming price hikes.

July 2, 2026

CZ blocks ETF withdrawal with $1 million Bitcoin call

July 2, 2026

Valle Capital Token Launches RWA And Agribusiness Ecosystem

July 1, 2026

Chainlink Price Prediction: Record Network Growth Meets Weak Tech

July 1, 2026

Ethereum Institutional Launches As Independent Non-Profit To Bring Institutional Finance Onchain At Scale

July 1, 2026

FxPro Eliminates Spread On Cryptos & Indices

July 1, 2026

EF’s new structure | Ethereum Foundation Blog

July 1, 2026

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

Guardian Rewards – Vault12

July 2, 2026

Seamless Spending With Up To 120 USDT In Rewards

July 2, 2026

Banks Move on Euro Stablecoins

July 2, 2026
Most Popular

Celo Foundation: cLabs Introduces Dango, a New Layer 2 Testnet for Celo

July 7, 2024

Automated wallet leaks raise new cryptocurrency security concerns across the EVM network.

January 3, 2026

Bitcoin ETF Loses $338 Million on Christmas Eve

December 26, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2026 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.